Many of you will remember two years ago quotes by Gartner analyst John Pescatore, such as this in Infoworld:
"We think IDS is dead. It’s failed to provide enterprise value," Pescatore says.
Now this security expert has written more words of wisdom is response to an apparent increase in reconnaissance for port 445 TCP. In More Port 445 Activity Could Mean Security Trouble, Pescatore writes:
"An apparent increase in scanning activity may signal an impending malicious-code attack exploiting a critical Windows vulnerability."
Fair enough -- but check out this gem from the next page:
"The apparent increase in 'sniffing' on Port 445 is a serious concern for enterprise security managers, because it may indicate an impending mass malicious-code attack."
Since when is remote reconnaissance considered "sniffing"? Sniffing is a term reserved for inspecting traffic either on the wire or passed via RF. The word implies having a degree of access to an enterprise completely unrelated to conducting port scans.
Of course, drones at Computerworld repeated the misuse of terms by saying
"An increase in sniffing activity on a communications port associated with a software vulnerability disclosed by Microsoft Corp. this month may be the signal of an impending attack designed to exploit the flaw, according to an alert from Gartner Inc."
Regular blog readers know I am sensitive to the misuse of security terms, since it degrades communication and adds to the general level of confusion. I do not know what motivated an outfit like Gartner to apply "sniffing" to the scanning activity in question.